Bug 55714 (CVE-2004-0547)

Summary: VUL-0: CVE-2004-0547: buffer overflow in postgresql
Product: [Novell Products] SUSE Security Incidents
Reporter: Ludwig Nussel <lnussel>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: krahmer, meissner, patch-request, security-team, thomas
Version: unspecified
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: CVE-2004-0547: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Found By: ---
Services Priority: ---
Business Priority: ---
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Attachments:
  proposed patch from debian
  proposed patchinfo for <= 8.1
  proposed patchinfo for 8.2+
  proposed patchinfo for sles8

Description Sebastian Krahmer 2004-05-17 21:00:06 UTC
Date: Sun, 16 May 2004 08:57:45 +0200
From: Martin Schulze <joey@infodrom.org>
To: vendor-sec@lst.de
Subject: [vendor-sec] Problem in PostgreSQL/ODBC

A buffer overflow has been discovered in the ODBC driver of PostgreSQL,
an object-relational SQL database, descended from POSTGRES.  It is possible
to exploit this problem and crash the surrounding application.  Hence, a
PHP script using php4-odbc can be utilised to crash the surrounding
Apache webserver.  Other parts of postgresql are not affected.

This problem was reported through the Debian Bug Tracking System:
http://bugs.debian.org/247306

Our maintainer has already informed upstream and sent them a patch.

I'm including the patch against version 7.2.1.

Regards,
Joey
Comment 1 Sebastian Krahmer 2004-05-17 21:00:06 UTC
...
Comment 2 Sebastian Krahmer 2004-05-17 21:01:48 UTC
Created attachment 19739 [details]
proposed patch from debian

...
Comment 3 Sebastian Krahmer 2004-05-18 17:39:09 UTC
Huh, what was the package name again?? I think I edited the field
when I made the entry but it seemed to disappear. It was some odd name...
Comment 4 Reinhard Max 2004-05-18 17:52:35 UTC
It depends on what version(s) we are talking about.
Previously it was a subpackage of postgresql called postgresql-odbc, but then it
became a separate project, and so I put it into a separate package and gave it
the same name as the project: psqlODBC.
Comment 5 Sebastian Krahmer 2004-05-18 17:55:03 UTC
So we need different patchinfo files?
Comment 6 Reinhard Max 2004-05-18 18:00:32 UTC
I think so, but I am not so familiar with patchinfo files.
BTW, which versions are affected?
Comment 7 Sebastian Krahmer 2004-05-18 18:06:45 UTC
We will create patchinfo files, if you tell us which packages for
which distros you checked in :-)
The patch is probably needed for any version that has
make_string(const char *s, int len, char *buf) since they add a size
parameter in the patch.
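The change Comment 7 describes, giving make_string() a buffer-size parameter so the copy into the caller's buffer can be bounded, is shown below as an added illustration in C. This is not psqlODBC's code or the Debian patch: the name make_string_bounded, its signature, and the choice to fall back to heap allocation when the caller's buffer is too small are assumptions made here to model the idea, and the strings in the self-check helpers are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ODBC convention: a length of SQL_NTS means "s is NUL-terminated". */
#define SQL_NTS (-3)

/*
 * Illustrative model (not psqlODBC's code) of the fix described in this bug.
 * The unsafe shape was make_string(s, len, buf): it copied len bytes into
 * buf without knowing how large buf was, so an over-long SQL string written
 * by the application overran the caller's fixed-size buffer.
 *
 * The bounded version takes bufsize. If the string plus its terminating NUL
 * fits, it is placed in buf; otherwise a heap block is allocated instead, so
 * no byte is ever written past buf + bufsize.
 *
 * Returns buf, or a malloc'd block the caller must free() when the result is
 * not buf, or NULL on a bad length or allocation failure.
 */
char *make_string_bounded(const char *s, int len, char *buf, size_t bufsize)
{
    size_t n;
    char *out;

    if (s == NULL)
        return NULL;

    if (len == SQL_NTS)
        n = strlen(s);
    else if (len < 0)
        return NULL;            /* any other negative length is a caller error */
    else
        n = (size_t)len;

    if (buf != NULL && bufsize > 0 && n < bufsize) {
        out = buf;              /* n bytes plus the NUL fit in the caller's buffer */
    } else {
        out = malloc(n + 1);    /* too big for buf (or no buf): allocate */
        if (out == NULL)
            return NULL;
    }
    memcpy(out, s, n);
    out[n] = '\0';
    return out;
}

/* Self-check helpers with constructed inputs; each returns 1 on success. */

/* A short NUL-terminated string lands in the caller's buffer, intact. */
int check_short_fits(void)
{
    char buf[8];
    char *r = make_string_bounded("abc", SQL_NTS, buf, sizeof buf);
    return r == buf && strcmp(r, "abc") == 0;
}

/* An over-long string is never written into the small buffer; it is
   copied in full into a freshly allocated block instead. */
int check_long_spills_to_heap(void)
{
    char buf[8];
    const char *longstr = "this string is longer than the eight-byte buffer";
    char *r = make_string_bounded(longstr, (int)strlen(longstr), buf, sizeof buf);
    int ok = r != NULL && r != buf && strcmp(r, longstr) == 0;
    if (r != NULL && r != buf)
        free(r);
    return ok;
}

/* An explicit length shorter than the source copies only that prefix. */
int check_explicit_len_prefix(void)
{
    char buf[8];
    char *r = make_string_bounded("abcdef", 3, buf, sizeof buf);
    return r == buf && strcmp(r, "abc") == 0;
}

/* The off-by-one boundary: bufsize-1 bytes fit (room for the NUL),
   bufsize bytes do not and go to the heap. */
int check_boundary(void)
{
    char buf[4];
    char *fit = make_string_bounded("abc", SQL_NTS, buf, sizeof buf);
    char *spill = make_string_bounded("abcd", SQL_NTS, buf, sizeof buf);
    int ok = fit == buf && spill != NULL && spill != buf && strcmp(spill, "abcd") == 0;
    if (spill != NULL && spill != buf)
        free(spill);
    return ok;
}

int main(void)
{
    printf("short fits: %d\nlong spills to heap: %d\nexplicit len: %d\nboundary: %d\n",
           check_short_fits(), check_long_spills_to_heap(),
           check_explicit_len_prefix(), check_boundary());
    return 0;
}
```

The point of the extra parameter is that the callee, not the caller, decides whether the copy fits; every call site that previously passed a bare buffer now has to state its size, which is exactly why the patch touches every version carrying the three-argument make_string().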
Comment 8 Reinhard Max 2004-05-18 18:11:52 UTC
postgresql-odbc for all SLES8/UL1 and the box up to 8.1
psqlODBC for SLS9 and the box starting from 8.2
Comment 9 Ludwig Nussel 2004-05-18 21:08:00 UTC
Will SLES9 include the fixed package or is a patchinfo for that required as well?
Comment 10 Reinhard Max 2004-05-18 21:16:45 UTC
No patchinfo is needed for SLES9, because it hasn't been released yet.
Comment 11 Ludwig Nussel 2004-05-18 21:44:30 UTC
Created attachment 19838 [details]
proposed patchinfo for <= 8.1
Comment 12 Ludwig Nussel 2004-05-18 21:45:19 UTC
Created attachment 19839 [details]
proposed patchinfo for 8.2+
Comment 13 Ludwig Nussel 2004-05-18 21:46:05 UTC
Created attachment 19840 [details]
proposed patchinfo for sles8
Comment 14 Ludwig Nussel 2004-05-24 17:38:33 UTC
Are you making progress with integrating the patch into the packages?
Comment 15 Reinhard Max 2004-05-24 17:41:44 UTC
Yes, SLES8 is done, but not yet submitted.
Comment 16 Reinhard Max 2004-05-25 22:50:43 UTC
Submitted packages for 8.0, sles8/8.1, 8.2, 9.0, 9.1/sles9, and STABLE.
Comment 17 Ludwig Nussel 2004-05-26 17:11:32 UTC
Reopened by lnussel@suse.de at Wed May 26 11:11:32 2004, took initial reporter krahmer@suse.de to cc
Comment 18 Ludwig Nussel 2004-05-26 17:11:32 UTC
Reopen to reassign to security-team for further tracking
Comment 19 Thomas Biege 2004-05-28 17:20:34 UTC
Thanks... 
Comment 20 Ludwig Nussel 2004-06-07 17:05:52 UTC
*** Bug 56713 has been marked as a duplicate of this bug. ***
Comment 21 Thomas Biege 2004-06-29 19:43:28 UTC
packages approved 
Comment 22 Marcus Meissner 2007-10-29 19:24:59 UTC
CVE-2004-0547
Comment 23 Thomas Biege 2009-10-13 20:22:48 UTC
CVE-2004-0547: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)